Common operational misconceptions
Steven Bellovin
smb at cs.columbia.edu
Tue Feb 21 03:44:36 UTC 2012
On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote:
> Steven Bellovin wrote:
>
>>> Timer timeouts do not affect TCP MSS.
>
>> RFC 2923:
>> TCP should notice that the connection is timing out. After
>> several timeouts, TCP should attempt to send smaller packets,
>> perhaps turning off the DF flag for each packet. If this
>> succeeds, it should continue to turn off PMTUD for the connection
>> for some reasonable period of time, after which it should probe
>> again to try to determine if the path has changed.
>
> So?
>
>> It's Informational, not standards track, but the problem
>> -- and the fix -- have been known for a very long time.
>
> I'm not sure what, do you think, is the problem, because the
> paragraph of RFC2923 you quote has nothing to do with TCP
> MSS.
Sure it does. That's in 2.1; the start of it discusses PMTUD
failing for various reasons including firewalls.
>
> The relevant section of the RFC (relevant to MSS) should be:
>
> The MSS should be determined based on the MTUs of the interfaces on
> the system, as outlined in [RFC1122] and [RFC1191].
>
> which means MSS is constant.
The text I quoted says, in so many words, "send smaller packets".
I don't know how it's possible to be more explicit than that.
>
> Note also that the next paragraph (next to the paragraph you
> quote) of the RFC eventually says to use PMTU of 1280B for
> IPv6 if there are black holes. It is not a very good thing
> to do especially for IP over IP tunnels, because 1280B
> packets are always fragmented if they are carried over a
> tunnel with MTU of 1280B.
Please cite in context. The text I quoted says that one option
is to try turning off DF; the next paragraph notes that you can't
do that on v6. It also doesn't say to use PMTU of 1280, it
says that that's a good fallback, and notes that v6 support requires
that. Although it doesn't say so, I'll note that IP in IP makes the
outer IP effectively a link layer for the inner IP; as such, it has
to preserve all of the relevant properties including a link MTU of
1280. If that doesn't work -- though it most likely will, since
the most common hardware MTU is from the ancient 1500 byte Ethernet
size -- the outer IP endpoint has to deal with it appropriately,
such as by intentional fragmentation, just as is done for IP over
ATM with its 53-byte cell size (RFC 2225).
>
> As implosion caused by multicast PMTUD of IPv6 requires ICMP
> PTB black holed, you can expect a lot of black holes.
>
> Masataka Ohta
>
--Steve Bellovin, https://www.cs.columbia.edu/~smb
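
A small simulation of the RFC 2923 black-hole fallback quoted in the message above, added here as an example; it is not code from the thread or from the RFC. The timeout threshold, hold period, 576-byte IPv4 fallback size and all names are assumptions; the 1280-byte IPv6 fallback is the one discussed in the thread.

```python
TIMEOUT_THRESHOLD = 3   # assumed value for the RFC's "several timeouts"
HOLD_SENDS = 10         # assumed value for "some reasonable period of time"
IPV4_FALLBACK = 576     # assumed smaller IPv4 packet size
IPV6_FALLBACK = 1280    # IPv6 minimum link MTU, the fallback named in the thread

def black_hole_path(path_mtu):
    """Constructed path model: ICMP 'too big' is filtered, so an oversize
    packet with DF set simply vanishes; with DF clear a router fragments it."""
    def deliver(size, df):
        return size <= path_mtu or not df
    return deliver

class Sender:
    def __init__(self, ipv6, iface_mtu=1500):
        self.ipv6, self.iface_mtu = ipv6, iface_mtu
        self.size, self.df = iface_mtu, True    # PMTUD on: full size, DF set
        self.timeouts, self.hold, self.in_fallback = 0, 0, False

    def fall_back(self):
        """Send smaller packets and keep PMTUD off for HOLD_SENDS packets."""
        self.in_fallback, self.hold = True, HOLD_SENDS
        if self.ipv6:
            self.size = IPV6_FALLBACK           # DF cannot be turned off on v6
        else:
            self.size, self.df = IPV4_FALLBACK, False

    def send(self, deliver):
        """Send one packet; return (size, df, delivered)."""
        if self.in_fallback and self.hold == 0:  # hold over: probe the path again
            self.size, self.df = self.iface_mtu, True
            self.in_fallback, self.timeouts = False, 0
        ok = deliver(self.size, self.df)
        result = (self.size, self.df, ok)
        if self.in_fallback:
            self.hold -= 1
        elif ok:
            self.timeouts = 0
        else:                                    # no ACK: counts as a timeout
            self.timeouts += 1
            if self.timeouts >= TIMEOUT_THRESHOLD:
                self.fall_back()
        return result

def trace(sender, deliver, n):
    """Run n sends and return the list of (size, df, delivered) tuples."""
    return [sender.send(deliver) for _ in range(n)]

if __name__ == "__main__":
    for step in trace(Sender(ipv6=False), black_hole_path(1400), 17):
        print(step)
```
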